Blacknet & Lotus Notes

Adam Shostack adam at lighthouse.homeport.org
Thu Jan 18 18:47:06 PST 1996


	Espionage Enabling in Action, or
	"How much is that escrow key in the window?"

	We all know how cheaply spies sell out.  The Falcon and the
Snowman got a few tens of thousands for years of crypto keys and
satellite data.  Pollard got 50,000 for cubic yards of documents on all
sorts of subjects.  The Walkers gave the Soviets a volume purchase
discount, and Ames got 2 million for running the CIA's
counter-espionage program on behalf of the KGB.  This little key to
handle 24 bits of data is nothing.  It can easily be smuggled out on a
floppy, in an encrypted email message, or even printed out and sent
through the mail.  Assuming many federal employees will all have
access to the same key, it's not much of a secret.

	So, let's buy the espionage enabling secret key.  It's an
obvious target, not just for cypherpunks, but for the KGB, Mossad,
Toshiba, IBM, and anyone else who wants to read their competitors'
correspondence.  Let's face it, this key will get out there, and be
available to all the big players; let's make it available to everyone!

	This is a job for ... Blacknet!  This is exactly the kind of
information that's easy to resell.  It's small; no smuggling DATs full
of B2 bomber plans out, just a small file on a floppy disk.  It's
easily checked, if the Lotus message formats are public, slightly less
so if they're not.  Who would buy?  Pick an intelligence agency.  Pick
any large company whose competition uses Notes.  Heck, I'd bet there
are US government agencies (FBI, BATF, LAPD) who would buy it once we
made it available.

	It's a near perfect demonstration of the foolishness of the
government's position.  Once this key, like the clipper keys, becomes
easily available, the foolishness of the idea of GAK becomes
magnified.  It's ANOTHER government program that can't be run properly,
that's opposed by 80% of Americans, and that doesn't even sell
overseas.

	The persons responsible might even get to claim to be
whistleblowers, demonstrating how easy it is to subvert this foolish
plan that will continue to cost American business 60 billion a year in
lost sales overseas.

	So...Is Notes V4 shipping yet?  Do we know how many bits of
key we're after?  (NB: I'm assuming that (some part of) the US
government has an RSA private key which is used to encrypt the 24 bits
of GAK'd key.)

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






